Everyone who uses Impact must have a valid username and password, as configured by the system administrator. This defines what privileges, database settings, appearance settings the user has. Whenever drawings or settings are changed, Impact keeps track of which user made the change, and when, to maintain accountability.
If you are already connected to the database and you wish to log in using another username, you can use File - Disconnect, rather than exiting Impact and restarting it.
Configuring A User
Administrators can create new user accounts using Database - Administration. Each user must be assigned to a User Group. Each User Group has default Database Operation, Appearance Settings and User Privileges assigned. All these are Master Tool Settings. User groups can be defined as administrators, which means that they have all privileges and additional tools are available.
For a step-by-step guide, see: Add a New User Account.
The ADMIN User
ADMIN is a special username to be used only for certain administrative tasks - it is often referred to as "super administrator" to distinguish it from normal user accounts which happen to have administrator settings.
When anyone is logged in to the database as ADMIN, no other users can connect. Similarly, if other users are already connected, you cannot log in as ADMIN. This is to ensure that when any fundamental operations, such as database restructuring, are taking place, nothing else is happening which may interfere.
Passwords
It is recommended that all user accounts have passwords and that these passwords are kept secure, to preserve system security.
Any user can change their own password using File - User Properties, if given the user privilege to do so.
The user names and passwords should not be confused with any which you may have configured on the workstation or network - Impact user accounts are completely separate from these (except when LDAP is used - see below).
There are Options in Database Installation settings which allow you to enforce strict passwords, or allow blank passwords. Strict passwords must contain at least 6 characters, using some from at least 2 of the following groups:
- English letters [a to z] or [A to Z] (case ignored)
- Numeric digits [0 to 9]
- Non-alphanumeric ASCII characters (for example, !, $, #, %)
Passwords are normally case-insensitive (unless encrypted passwords are enabled).
Passwords can be stored in the database as plain text or encrypted. If you are currently using plain text, it is recommended that you run the Automatic Updates tool and use the Encrypt user passwords option. Note that you need to be logged in as ADMIN to use this tool, and it's a one-way, irreversible operation.
When passwords are encrypted and strict password rules are enforced, passwords must contain at least 6 characters, using some from at least 3 of the following groups:
- English lowercase letters [a to z]
- English uppercase letters [A to Z]
- Numeric digits [0 to 9]
- Non-alphanumeric ASCII characters (for example, !, $, #, %)
If LDAP Authentication is used, no password is stored in the Impact database for those users.
Using LDAP Authentication
Impact can be configured to also authenticate users against an LDAP server such as Microsoft Active Directory or Novel eDirectory running in your domain. When enabled, you don't need to configure individual users within Impact as their user accounts will be created automatically if they are authorised to use Impact.
Using LDAP authentication has advantages for both administrators and users. Users do not have to enter their username and password when logging in (and the login form can be hidden completely, in many circumstances). Users do not have a separate name and password to remember. Impact administrators do not need to manage the user accounts, as these are automatically synchronised with the network accounts (optionally including information such as department, telephone number, email address and so on).
If you wish, you can mix the two authentication modes, with some users connecting using LDAP credentials and others using traditional Impact accounts.
To interface Impact with your LDAP server, you must configure the LDAP Authentication and Authorization settings. Then you may wish to enable automatic LDAP authentication in the database connection properties on each workstation.